In the prior art, a legitimate user can log into a website through a computing device using the user's username and password. An illegitimate user may steal the user's password when the user logs into a website via a PC, and the illegitimate user may keep the legitimate user's login session on the computing device active by periodically refreshing the web page, which refreshes a login timestamp. The login session can be kept active by refreshing the webpage to refresh the login timestamp. The login session may be kept open by the illegitimate user even if the legitimate user changes the login password. The illegitimate user can still refresh the login session timestamp by refreshing the page to keep the login session, and login status, active despite the legitimate user's password change. The illegitimate user can keep the login session, and status, active without the legitimate user's knowledge or permission.